Customer ID Check Privacy Notice Template

Last updated: 25/06/2026

This template is designed to help Inkless customers explain their use of identity verification and verification-only link workflows to end users. It is a starting point only and should be adapted to the customer's actual process, lawful basis, retention periods, provider configuration, and sector-specific obligations.

Important: This template is not legal advice. The customer sending the ID check remains responsible for deciding why the check is needed, identifying the correct lawful basis, deciding whether any image, liveness, face-match, or other sensitive processing requires additional legal analysis, and ensuring the final notice matches its real-world processing.

Suggested template

Identity Verification Privacy Notice

[Your organisation name] uses identity verification checks to confirm the identity of individuals who are asked to complete [document signing / onboarding / compliance / fraud prevention / account verification] steps.

Who is responsible for your data?
[Your organisation name], of [address / contact details], is the controller for this identity verification process.

Why we are carrying out this check
We use identity verification to [describe your purpose clearly, for example: verify that the correct person is signing a document, reduce fraud risk, meet compliance obligations, or protect against impersonation].

What data may be used
Depending on the workflow, this may include your name, email address, phone number, identity document images, information extracted from those documents, selfie images, liveness or face-match results, device and browser data, IP address, timestamps, and the outcome of the verification check.

Sensitive or biometric processing
Depending on how this check is configured and how the verification provider operates, some image-based verification steps may involve processing that your organisation treats as sensitive, special category, or biometric data under applicable law. Where that is the case, we will identify the additional legal condition we rely on and explain it in this notice.

How we carry out the check
We use Inkless Ltd as our service provider to operate the workflow, and Inkless may use specialist identity verification providers to collect and return verification evidence and results to us.

Our lawful basis
Our lawful basis for this processing is [insert your lawful basis, for example legitimate interests, performance of a contract, legal obligation, or consent if appropriate]. If we process special category, biometric, or similarly sensitive data, we also rely on [insert the additional condition you have identified, if applicable].

Who receives the data
Your information may be processed by our identity verification service providers and by technology providers used to host, secure, and deliver the workflow. We only allow processing that is necessary for the purpose described above.

International transfers
Some of the providers involved in this workflow may process personal data outside the UK. Where that happens, we aim to ensure an appropriate safeguard is in place, such as the UK IDTA, the UK Addendum, or another lawful transfer mechanism.

How long we keep the data
We keep identity verification records for [insert retention period or rule], unless a longer period is needed to deal with legal claims, fraud prevention, regulatory requirements, or evidential issues.

Your rights
Depending on the circumstances, you may have rights to access, correct, erase, restrict, object to, or complain about our use of your personal data. To exercise those rights, contact [insert contact details]. You may also complain to the Information Commissioner's Office if you believe your data has been handled unlawfully.

Contact us
If you have questions about this identity verification process, contact [insert privacy / compliance contact details].

What customers should customise

Practical note for customers

Not every ID check will involve the same legal analysis. A customer should review what its chosen workflow actually does, what evidence is collected, whether face matching or liveness is used, whether any of that data is stored, and whether UK GDPR special category or biometric rules are engaged for that use case.

Related pages

Customers can also review the Inkless Data Processing Agreement, Privacy Policy, and Sub-processors & International Transfers page when carrying out vendor due diligence.